This paper examines the democratic implications of algorithmic risk profiling in European Union migration governance, focusing on how upstream processes of rule design and classification shape accountability and public trust. Using the Schengen Information System (SIS II) as a primary case study, with reference to the European Travel Information and Authorisation System (ETIAS), the research investigates whether the delegation of authority over risk criteria to technocratic bodies weakens democratic oversight in border control.

Grounded in Principal–Agent theory, the study conceptualises large-scale information systems not as autonomous decision-makers but as instruments through which politically consequential discretion is relocated from elected institutions to expert networks operating with limited transparency. Through document analysis, it traces how alert categories, listing standards and screening indicators are established and applied across national and EU agencies. V-Dem indicators on executive oversight, transparency and rule-of-law capacity provide contextual benchmarks for assessing the ability of democratic institutions to monitor and contest these governance arrangements.

The analysis demonstrates that democratic risks arise less from automated enforcement than from the opaque definition of risk profiles that structure who becomes subject to surveillance, exclusion or coercive measures. These processes translate normative judgments into technical parameters shielded from political scrutiny and legal challenge. Automation then amplifies their effects by stabilising and scaling classifications across borders.

The paper argues that this configuration produces accountability gaps that undermine procedural legitimacy and public trust in EU migration governance, calling for stronger mechanisms of transparency, parliamentary oversight and legal contestation.